Re: alias_database using ldap with kerberos authentication

[postfix <postfix@xxxxxxxx>]

Hi Mark
if postfix handles kerberos all right, then it should work.

i have done a postfix setup which takes all delivery parameters from 
ldap, (except for myhost, mydomain, ...)
to do that i have created three ldap setups for postfix
/etc/postfix/ldap-alias.cf
/etc/postfix/ldap-domain.cf
/etc/postfix/ldap-mailbox.cf
i am using the qmailUser (for aliases and mailboxes) and qmailControl 
(for domains) objectClasses. i  told postfix to use virtual transport 
for local delivery. for aliasing i use the mailAlternateAddress 
attribute, for domains the virtualDomains attribute, and for mailbox 
delivery the mailMessageStore attribute as result attributes.
the advantage of all this is, that i can handle all domain and mailbox 
configs via the ldap client (http://ldap.ayni.com). the disadvantage is, 
that i get dependent from ldap and that postfix uses more resources.
suomi

Mark Clarke wrote:

> Hi there,
>
> I have the following setup.
>
> Openldap setup to authenticate users via kerberos. I am using heimdal
> kerberos implementation which allows for the principles to be stored in
> the ldap server
>
> I have postfix which is setup to use ldap for alias lookups. I am not
> sure though if postfix can support kerberos authentication for the alias
> database. Here is the relevant section from main.cf. I have created a
> principle postfixuser with the password secret.
>
>
> alias_maps =ldap:ldapsource
> ldapsource_server_host = slain.abc.co.za
> ldapsource_search_base = dc=abc,dc=co,dc=za
> ldapsource_query_filter = (mail=%$)
> ldapsource_bind_dn = cn=postfixuser,dc=kerbeos,dc=abc,dc=co,dc=za
> ldapsource_bind_pw = secret
> ldapsource_start_tls = yes
> ldapsource_tls_ca_cert_file = /etc/ssl/ldap.pem
> ldapsource_result_attribute = mail
> lmtp_cache_connection =NO
>
>
>
> Should this work?
>
> thanks
> Mark
>
>
>